I Made An All-In-One Usb Drive As A Farewell Gift For A Colleague

I Made An All-In-One USB Drive As A Farewell Gift For A Colleague

Introduction

In the world of DevOps and system administration, few gestures carry more practical weight than a meticulously crafted troubleshooting toolkit. When a valued colleague recently departed our team, I wanted to create something more meaningful than the standard farewell card - a Swiss Army knife of digital utilities that would prove genuinely useful in real-world IT scenarios.

This comprehensive guide details how I transformed an ordinary USB drive into a multi-purpose powerhouse containing Ventoy-based boot environments, OS installers, recovery tools, and automation scripts. For infrastructure professionals managing hybrid environments, homelabs, or disaster recovery scenarios, such a toolkit becomes indispensable when hardware fails, systems need reimaging, or critical recovery operations demand immediate attention.

You’ll learn how to:

1. Create a Ventoy-based multi-boot USB drive with UEFI/BIOS compatibility
2. Curate essential system recovery and installation ISOs
3. Implement persistent storage for Linux live environments
4. Integrate Windows activation scripts with proper security safeguards
5. Maintain and update your toolkit with verification procedures

The resulting device combines years of system administration wisdom into a single portable solution - equally valuable for enterprise IT departments, cloud engineers managing bare-metal systems, or homelab enthusiasts experimenting with different operating systems.

Understanding the All-In-One USB Toolkit

What Is Ventoy?

Ventoy is an open-source tool that revolutionizes bootable USB creation by allowing direct booting from ISO files without extraction or reformatting. Unlike traditional solutions like Rufus or UNetbootin that overwrite the entire drive for each OS, Ventoy creates a persistent partition where you can simply copy ISO files.

Key features:

• Multi-boot support for 1,000+ ISO files (Windows, Linux, BSD)
• UEFI and Legacy BIOS compatibility
• File persistence for Linux distributions
• Plugin system for custom behaviors
• Read-only design protects against accidental corruption

Historical Context

Before Ventoy (first released in 2020), creating multi-boot USBs required complex solutions:

1. Manual GRUB configuration: Time-consuming and error-prone
2. Specialized tools: YUMI or MultiBootUSB with limited ISO compatibility
3. Virtual disk solutions: Plop Boot Manager with performance penalties

Ventoy’s breakthrough came from its simple two-partition approach:

Partition	Type	Contents	Size
1	exFAT/NTFS	Ventoy files and ISO collection	1-2MB
2	FAT32	Bootloader and configuration	Remaining space

Real-World Use Cases

1. Disaster Recovery: Boot Hiren’s BootCD PE or SystemRescue immediately
2. OS Installation: Deploy Windows, Ubuntu, or ESXi without media swapping
3. Forensics: Run Kali Linux or CAINE with write protection
4. Hardware Testing: MemTest86+ or GPU stress utilities
5. Secure Environments: Tails OS with automatic memory wiping

Advantages Over Alternatives

Tool	Multi-ISO Support	Persistence	UEFI Secure Boot	Active Development
Ventoy	★★★★☆	★★★★☆	★★★☆☆	★★★★★
YUMI	★★★☆☆	★★☆☆☆	★★☆☆☆	★★★☆☆
Rufus	★☆☆☆☆	★☆☆☆☆	★★★★☆	★★★★☆
Etcher	★☆☆☆☆	★☆☆☆☆	★★★☆☆	★★★☆☆

Prerequisites

Hardware Requirements

1. USB Drive:
   • Minimum: 32GB USB 3.0 drive (SanDisk Extreme Pro recommended)
   • Optimal: 1TB NVMe SSD in USB enclosure (for large ISO collections)
2. Host System:
   • x86_64 processor with VT-x/AMD-V support
   • USB 3.0+ port
   • Secure Boot disable capability (for some ISOs)

Software Requirements

• Ventoy: Latest stable release (1.0.96 as of writing)
• ISO Files: Verified downloads from official sources:
  • Ubuntu Live Server (ubuntu-22.04.3-live-server-amd64.iso)
  • Windows 10/11 Installation Media (Win11_23H2_English_x64.iso)
  • SystemRescue (systemrescue-10.01-amd64.iso)
• Utilities:
  • GnuPG (gpgv2 for signature verification)
  • shasum (for checksum validation)
  • parted (for manual partitioning)

Security Considerations

1. ISO Verification: Always verify checksums and PGP signatures:

   # Ubuntu verification example
   gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0x46181433FBB75451 0xD94AA3F0EFE21092
   gpg --verify SHA256SUMS.gpg SHA256SUMS
   shasum -a 256 -c SHA256SUMS 2>/dev/null | grep ubuntu-22.04.3-live-server-amd64.iso
   

2. Script Sanitization: Audit any third-party scripts:

   # Inspect PowerShell scripts before use
   Get-Content .\windows_activation.ps1 | Select-String -Pattern 'Invoke-WebRequest','Start-Process'
   

Installation & Setup

Step 1: Preparing the USB Drive

WARNING: This process will erase all data on the target drive. Triple-check device identifiers.

# Identify USB device path
lsblk -po NAME,MODEL,SIZE,TRAN | grep usb

# Example output:
# /dev/sdb SanDisk_Ultra_3.0 57.3G usb

# Unmount existing partitions
sudo umount /dev/sdb*

# Install Ventoy (Linux example)
wget https://github.com/ventoy/Ventoy/releases/download/v1.0.96/ventoy-1.0.96-linux.tar.gz
tar xvf ventoy-1.0.96-linux.tar.gz
cd ventoy-1.0.96

# Install to USB device
sudo ./Ventoy2Disk.sh -i -g /dev/sdb

The -g flag enables GPT partitioning for drives >2TB. Key partitions created:

1. VTOYEFI (FAT32): 32MB EFI partition
2. Ventoy (exFAT): Remaining space for ISOs

Step 2: Adding Bootable ISOs

Copy files directly to the Ventoy partition:

sudo mount /dev/sdb2 /mnt/ventoy

# Organized directory structure
sudo mkdir -p /mnt/ventoy/{Linux,Windows,Recovery,Tools}

# Copy ISOs with verification
sudo cp -v ubuntu-22.04.3-live-server-amd64.iso /mnt/ventoy/Linux/
sudo cp -v Win11_23H2_English_x64.iso /mnt/ventoy/Windows/

# Verify file integrity after transfer
sudo shasum -a 256 /mnt/ventoy/Linux/ubuntu-22.04.3-live-server-amd64.iso

Step 3: Enabling Persistence

For Linux distributions that support live booting with persistence:

1. Create persistence file:

   dd if=/dev/zero of=persistence.img bs=1M count=4096
   mkfs.ext4 -F persistence.img
   

2. Add Ventoy persistence plugin:

   // ventoy/ventoy.json
   {
     "persistence": [
       {
         "image": "/Linux/ubuntu-22.04.3-live-server-amd64.iso",
         "backend": "/persistence/ubuntu_persist.img"
       }
     ]
   }
   

Step 4: Integrating Windows Tools

For Windows PE environments and activation scripts:

1. Create Automate directory for scripts:

   New-Item -Path "X:\Automate" -ItemType Directory
   

2. Add signed activation script (use Microsoft’s official MAS):

   # Sample MAS activation command
   .\MAS_AIO.cmd -HWID
   

Security Note: Store activation scripts in encrypted 7z archive with password protection.

Configuration & Optimization

Ventoy Customization

Advanced ventoy.json configuration:

{
  "control": [
    { "VTOY_DEFAULT_MENU_MODE": "0" }, // Text mode
    { "VTOY_TREE_VIEW_MENU_STYLE": "1" } // Tree view
  ],
  "theme": {
    "file": "/themes/ventoy-dark.json",
    "gfxmode": "1920x1080"
  },
  "auto_install": [
    {
      "image": "/Windows/Win11_23H2_English_x64.iso",
      "preset": "/presets/windows_unattend.xml"
    }
  ]
}

Performance Optimization

1. Filesystem Tuning:

   # Optimize exFAT allocation size for large ISOs
   mkfs.exfat -c 1M -L Ventoy /dev/sdb2
   

2. SSD Optimization (NVMe USB enclosures):

   # Enable write caching
   hdparm -W 1 /dev/sdb
   # Set I/O scheduler to none
   echo none > /sys/block/sdb/queue/scheduler
   

Security Hardening

1. Secure Boot Configuration:

   # Sign custom GRUB images
   sbsign --key db.key --cert db.crt --output grubx64.efi.signed grubx64.efi
   

2. BIOS Password Protection:

   # Set GRUB password
   grub-mkpasswd-pbkdf2
   # ventoy/grub.cfg
   set superusers="admin"
   password_pbkdf2 admin grub.pbkdf2.sha512.10000.92D5EC...
   

Usage & Operations

Boot Menu Navigation

Key Ventoy operations:

Key	Function
F1	Help screen
F2	File browser
F3	Switch between list/tree view
F5	Refresh device list
Ctrl+i	Checksum verification

Maintaining Your Toolkit

1. Updating Ventoy:

   sudo ./Ventoy2Disk.sh -u /dev/sdb
   

2. Adding New ISOs:

   rsync -avh --progress ~/ISOs/ /mnt/ventoy/Linux/
   

3. Persistence Management:

   # Resize Ubuntu persistence file
   dd if=/dev/zero bs=1M count=1024 >> ubuntu_persist.img
   e2fsck -f ubuntu_persist.img
   resize2fs ubuntu_persist.img
   

Troubleshooting Common Issues

Boot Failures

Symptom: “Invalid signature detected” in UEFI mode
Solution: Recreate USB with Secure Boot support:

sudo ./Ventoy2Disk.sh -s /dev/sdb

Symptom: ISOs not appearing in menu
Solution: Verify file system integrity:

sudo fsck.exfat -v /dev/sdb2

Persistence Problems

Symptom: Changes not saving on Ubuntu live
Solution: Check persistence image mapping:

dmesg | grep persistence
mkdir /persist
mount /dev/mapper/ventoy-persist /persist

Conclusion

Creating this all-in-one USB toolkit demonstrates several DevOps principles in action: automation through Ventoy’s configuration, infrastructure-as-code via the reproducible build process, and immutable infrastructure concepts with read-only ISO booting. The final product serves as both a practical troubleshooting tool and a symbolic representation of shared technical values.

For those looking to expand on this project:

1. Implement automated ISO updates with GitHub Actions
2. Add Terraform configurations for cloud recovery scenarios
3. Integrate HashiCorp Vault for secure credential storage

Additional Resources:

• Official Ventoy Documentation
• Microsoft Assessment and Deployment Kit
• Linux Persistent Storage Guide

In an era of cloud-centric operations, physical recovery tools remain essential. This project bridges the gap between modern DevOps practices and bare-metal system administration fundamentals - a fitting tribute to any infrastructure professional’s career journey.